Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Q5tPhYkjdvVSGpMb0RBxZ6vKbDU.roa
File: Q5tPhYkjdvVSGpMb0RBxZ6vKbDU.roa (raw, json)
Hash identifier: eCop0E9RNzoRRZ9E/iHjYE1tcGlCnDa1rGGG7XIoMzc=
Subject key identifier: 43:9B:4F:85:89:23:76:F5:52:1A:93:1B:D1:10:71:67:AB:CA:6C:35
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01870D85373CBB481C56D45B081D050D9A76
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Q5tPhYkjdvVSGpMb0RBxZ6vKbDU.roa
Signing time: Thu 23 Mar 2023 08:10:46 +0000
ROA not before: Thu 23 Mar 2023 08:10:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43146
IP address blocks: 194.116.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:0d:85:37:3c:bb:48:1c:56:d4:5b:08:1d:05:0d:9a:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Mar 23 08:10:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=439b4f85892376f5521a931bd1107167abca6c35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:63:68:ee:94:90:0f:08:c1:85:de:08:c8:c4:
01:32:f4:89:20:a8:d4:6b:c6:fd:7b:93:ee:df:f3:
c1:3f:e9:bb:d7:ae:21:b2:62:76:6a:12:3b:07:c7:
bd:90:f6:69:12:2d:d5:fa:ac:fb:f7:10:57:98:bc:
93:8e:85:db:33:f8:84:3b:37:1e:a6:21:0e:c7:4f:
ce:06:d6:80:e6:fc:51:14:43:32:6e:b0:00:fe:89:
99:20:1d:77:72:fb:94:41:69:7f:6d:8b:80:9b:64:
f5:4b:6e:05:24:d9:87:74:4e:67:1b:93:40:26:d8:
99:5c:5c:cf:f5:0e:56:cb:65:5b:d3:5d:3c:fc:d9:
5e:b5:8f:88:9d:ed:60:53:56:44:94:3e:ec:ab:75:
e2:3a:37:fc:4e:8e:a4:07:4d:95:ed:8a:43:0c:ba:
99:07:83:e3:49:a0:aa:e4:7f:32:4e:35:27:15:48:
60:8a:49:4e:70:43:45:f0:5d:6b:6f:1a:89:04:df:
e0:55:65:fd:0a:ca:90:6b:da:3c:21:9b:dd:41:d5:
84:ef:c7:e5:47:cb:8f:5f:f7:70:a8:33:e5:f7:a6:
48:ca:13:41:8b:82:e4:c3:51:9e:4c:c6:f0:24:a4:
4d:96:cd:95:68:30:33:0e:0f:73:5c:e6:d7:72:3e:
6c:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:9B:4F:85:89:23:76:F5:52:1A:93:1B:D1:10:71:67:AB:CA:6C:35
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Q5tPhYkjdvVSGpMb0RBxZ6vKbDU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.116.162.0/24
Signature Algorithm: sha256WithRSAEncryption
97:45:ef:08:72:92:71:9b:3f:17:1a:8d:db:48:d9:47:de:90:
be:ca:4c:92:3c:31:2e:01:e1:29:69:9b:a4:db:01:b6:f6:52:
5e:92:88:6c:b1:48:0c:83:fd:e3:fb:3a:1c:c1:cc:ed:a5:af:
e6:57:66:34:54:a8:93:04:e3:d1:56:8d:c0:37:37:9d:6f:e3:
e3:a2:73:b8:dd:11:f7:72:2d:86:f5:07:cc:43:b9:13:88:06:
01:9c:58:55:eb:0e:21:d4:54:42:a4:10:67:95:d7:bd:0e:6c:
37:72:04:6f:a8:4d:0a:f0:1a:66:1e:d1:b5:5f:21:27:a2:07:
26:20:97:86:4e:fe:c3:ba:5e:05:c8:b1:f5:94:0a:a1:a5:9f:
df:9e:3f:25:79:f3:17:92:10:ed:22:45:b5:6b:05:5a:b7:dc:
22:42:8d:ed:46:8f:9a:e0:cc:24:7f:2a:3f:b5:aa:a2:5b:42:
2e:3b:f4:a7:ab:80:6d:51:c0:36:c0:b6:66:91:24:2e:31:e6:
96:99:4c:99:a7:25:4d:1e:d6:d8:45:ce:7d:cc:b2:cb:d7:46:
23:74:60:45:9a:67:b1:5f:a3:de:a8:6f:60:07:c8:a4:49:8d:
8a:54:1a:a7:4f:21:24:d2:ef:bb:27:b6:7d:84:6b:c2:8b:87:
15:92:44:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYcNhTc8u0gcVtRbCB0FDZp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMzIzMDgxMDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzliNGY4NTg5MjM3NmY1NTIxYTkzMWJkMTEwNzE2N2FiY2E2YzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2No7pSQDwjBhd4IyMQBMvSJIKjU
a8b9e5Pu3/PBP+m7164hsmJ2ahI7B8e9kPZpEi3V+qz79xBXmLyTjoXbM/iEOzce
piEOx0/OBtaA5vxRFEMybrAA/omZIB13cvuUQWl/bYuAm2T1S24FJNmHdE5nG5NA
JtiZXFzP9Q5Wy2Vb0108/NletY+Ine1gU1ZElD7sq3XiOjf8To6kB02V7YpDDLqZ
B4PjSaCq5H8yTjUnFUhgiklOcENF8F1rbxqJBN/gVWX9CsqQa9o8IZvdQdWE78fl
R8uPX/dwqDPl96ZIyhNBi4Lkw1GeTMbwJKRNls2VaDAzDg9zXObXcj5skQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEObT4WJI3b1UhqTG9EQcWerymw1MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvUTV0UGhZa2pkdlZTR3BNYjBSQnhaNnZLYkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnSiMA0G
CSqGSIb3DQEBCwUAA4IBAQCXRe8IcpJxmz8XGo3bSNlH3pC+ykySPDEuAeEpaZuk
2wG29lJekohssUgMg/3j+zocwcztpa/mV2Y0VKiTBOPRVo3ANzedb+PjonO43RH3
ci2G9QfMQ7kTiAYBnFhV6w4h1FRCpBBnlde9Dmw3cgRvqE0K8BpmHtG1XyEnogcm
IJeGTv7Dul4FyLH1lAqhpZ/fnj8lefMXkhDtIkW1awVat9wiQo3tRo+a4Mwkfyo/
taqiW0IuO/Snq4BtUcA2wLZmkSQuMeaWmUyZpyVNHtbYRc59zLLL10YjdGBFmmex
X6PeqG9gB8ikSY2KVBqnTyEk0u+7J7Z9hGvCi4cVkkQT
-----END CERTIFICATE-----
Generated at Fri Jun 6 19:45:03 2025 by rpki-client